Client Certificates from Public Certificate Authorities

I’m looking into mutual TLS authentication for a B2B API. Is it possible to use mutual TLS authentication using X.509 certificates while relying on Public CAs?

I see that some Public CAs (from CA/Browser Forum) offer signed “client authentication” certificates. What fields can I rely on in this case? Would I be able to just map the Subject Name to a user in my application and trust the CA/Browser bundle?

Can “Public CA 1” guarantee that “Public CA 2” will not sell the exact same certificate to a different company?

What are the chances that authorities spy on people’s devices?

I wanted to figure out whether authorities can potentially, not in terms of whether they are allowed to, spy on people’s smartphone activities such as e-mail, WhatsApp chats, and so on. I don’t mean the FBI or NSA techniques used to catch dangerous people or whoever is highly harmful to society, but I mean whether simple police work could possibly spy on, for example, small drug dealers’ phones in order to dismantle their plans and so forth.

Is there a list of Certificate Authorities that provide certificates that are also valid for digitally signing a document?

I have to digitally sign a PDF. I created a little app using the DSS library (an EU project, based on Bouncy Castle, very simple to use) that signs the PDF with PAdES using a p12 file.

I know how to create a p12 file from a certificate using openssl. The problem is I only find Certificate Authorities that provide certificates for SSL.

Is there somewhere a list of official and trusted CAs that provide X.509 certificates also for signing documents? I’m interested in pricing in particular… 😛

Thanks in advance.